CVE-2012-3540
OpenStack Horizon Essex (2012.1) - Open Redirect via Login Next Parameter
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
References (10)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/78196
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/horizon/+bug/1039077
Exploit, Patch (x_refsource_confirm): https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1565-1
Various Sources (mailing-list, x_refsource_mlist): https://lists.launchpad.net/openstack/msg16281.html
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50480
Various Sources (mailing-list, x_refsource_mlist): https://lists.launchpad.net/openstack/msg16278.html
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/08/30/4
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/55329
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/08/30/5
Scores
EPSS: 0.0191
EPSS Percentile: 83.5%
Details
CWE: CWE-20
Status: published
Products (1): openstack/horizon 2012.1
Published: Sep 05, 2012
Tracked Since: Feb 18, 2026